Clever hackers have developed a new technique to trap their victims. A large companion of trapped emails thus affect Microsoft 365 users worldwide.
A new phishing technique targeting Microsoft 365 users has recently appeared, worrying cybersecurity experts. In fact, the stratagem, implemented by cybercriminals, exploits faults in the structure of URLs (Internet addresses) and uses very effective camouflage methods to steal sensitive identifiers. Spotted in January by Check Point researchers, this attack mainly targets companies in the United States and Europe, but it could extend to individuals using the Microsoft platform.
Pirates play on a little -known function of URLs to fake their links in a difficulty detectable way. By using the “Userinfo” section located at the start of the web addresses, located between “http: //” and the ” @” symbol, which few people know and examine, they can insert hidden data that deceives users. And by combining this trick with other techniques such as character encoding, they make their emails even more credible. Messages imitate current documents, such as invoices or subscription notifications, that the majority of users could open without distrust.
Once the e-mail trapped is open, the victim is redirected to a web page almost perfectly imitating the Microsoft 365 interface. To add an additional credibility layer, this false page includes a CAPTCHA, a tool of control tool supposed to prove that this is a real secure site. Once on the false site, the victim is invited to reconnect to his Microsoft account, thus delivering his identifier and password to pirates who can then recover other confidential information and use it at will.
The volume of this campaign is impressive, with more than 200,000 emails sent. It is not limited to a particular sector and affects all kinds of organizations, ranging from small businesses to large multinationals. Most attacks have been identified in the United States, but other regions like Canada and Europe are also affected, and France is not spared.
Faced with these new threats, traditional cybersecurity solutions, such as anti-SPAM filters and e-mail verification protocols show their limits. To protect themselves, companies are invited to adopt more advanced technologies, especially based on artificial intelligence, which makes it possible to very quickly detect suspicious behavior, like the protections that Microsoft now uses. But, as always, the vigilance of users remains essential.